Chapter 16: OAuth2AuthorizationRequestRedirectWebFilter source code analysis
2022-07-05 23:54:00 【buffeer】
The OAuth2AuthorizationRequestRedirectWebFilter is the filter that redirects the browser to the third-party authorization server.
1. Overview
OAuth2AuthorizationRequestRedirectWebFilter depends on two classes:
- ServerAuthorizationRequestRepository: stores the OAuth2AuthorizationRequest object between the redirect and the callback
- ServerOAuth2AuthorizationRequestResolver: intercepts the matching request and resolves it into an authorization request
Both dependencies can be customized. If no custom configuration is supplied, the defaults are used.
2. Initialization
The configure method of ServerHttpSecurity creates the OAuth2AuthorizationRequestRedirectWebFilter. Let's first look at how it is created; the source is shown below.
protected void configure(ServerHttpSecurity http) {
    OAuth2AuthorizationRequestRedirectWebFilter oauthRedirectFilter = this.getRedirectWebFilter();
    ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = this.getAuthorizationRequestRepository();
    oauthRedirectFilter.setAuthorizationRequestRepository(authorizationRequestRepository);
    oauthRedirectFilter.setRequestCache(http.requestCache.requestCache);
}
When the OAuth2AuthorizationRequestRedirectWebFilter is created, a custom authorizationRequestResolver, if one was configured, is used to intercept and resolve the request; otherwise the default resolver is used, which intercepts the path /oauth2/authorization.
private OAuth2AuthorizationRequestRedirectWebFilter getRedirectWebFilter() {
    // If a custom authorizationRequestResolver was configured, use it;
    // otherwise fall back to the default DefaultServerOAuth2AuthorizationRequestResolver
    return this.authorizationRequestResolver != null
            ? new OAuth2AuthorizationRequestRedirectWebFilter(this.authorizationRequestResolver)
            : new OAuth2AuthorizationRequestRedirectWebFilter(this.getClientRegistrationRepository());
}
When the ServerAuthorizationRequestRepository is created, a custom authorizationRequestRepository is used if one was configured; otherwise the default, session-based repository is used, which stores the OAuth2AuthorizationRequest object in the WebSession.
private ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> getAuthorizationRequestRepository() {
    if (this.authorizationRequestRepository == null) {
        this.authorizationRequestRepository = new WebSessionOAuth2ServerAuthorizationRequestRepository();
    }
    return this.authorizationRequestRepository;
}
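As an added configuration example (not from the original post and not Spring Security's own code), here is how both dependencies described above are supplied through ServerHttpSecurity in a WebFlux application: a DefaultServerOAuth2AuthorizationRequestResolver matching a custom path, with the PKCE customizer applied through the same authorizationRequestCustomizer hook the resolver source uses, and an explicit WebSessionOAuth2ServerAuthorizationRequestRepository. The path /login/oauth2/start/{registrationId} is an arbitrary choice made for this example (the default is /oauth2/authorization/{registrationId}), and OAuth2AuthorizationRequestCustomizers.withPkce() assumes Spring Security 5.7 or later.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestCustomizers;
import org.springframework.security.oauth2.client.web.server.DefaultServerOAuth2AuthorizationRequestResolver;
import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationRequestResolver;
import org.springframework.security.oauth2.client.web.server.WebSessionOAuth2ServerAuthorizationRequestRepository;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher;

@Configuration
public class OAuth2ClientRedirectConfig {

    // Hypothetical path chosen for this example; Spring Security's default is
    // /oauth2/authorization/{registrationId}. The {registrationId} variable name must stay,
    // because the resolver reads it to look up the ClientRegistration.
    private static final String AUTHORIZATION_REQUEST_PATTERN = "/login/oauth2/start/{registrationId}";

    @Bean
    ServerOAuth2AuthorizationRequestResolver authorizationRequestResolver(
            ReactiveClientRegistrationRepository clientRegistrations) {
        DefaultServerOAuth2AuthorizationRequestResolver resolver =
                new DefaultServerOAuth2AuthorizationRequestResolver(clientRegistrations,
                        new PathPatternParserServerWebExchangeMatcher(AUTHORIZATION_REQUEST_PATTERN));
        // Runs on the OAuth2AuthorizationRequest.Builder before build(): adds code_challenge and
        // code_challenge_method to the authorization request and keeps the code_verifier in the
        // request attributes, so the later code-for-token exchange can prove it started this flow.
        resolver.setAuthorizationRequestCustomizer(OAuth2AuthorizationRequestCustomizers.withPkce());
        return resolver;
    }

    @Bean
    SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http,
            ServerOAuth2AuthorizationRequestResolver authorizationRequestResolver) {
        http.authorizeExchange(exchanges -> exchanges.anyExchange().authenticated())
            .oauth2Login(login -> login
                // Replaces the default resolver created in getRedirectWebFilter()
                .authorizationRequestResolver(authorizationRequestResolver)
                // Same class the default getAuthorizationRequestRepository() would create;
                // the state value saved here is what the callback is later checked against
                .authorizationRequestRepository(new WebSessionOAuth2ServerAuthorizationRequestRepository()));
        return http.build();
    }
}
```

With this in place, a GET to /login/oauth2/start/google (instead of /oauth2/authorization/google) triggers the redirect, and the authorization request saved in the WebSession carries both the random state and the PKCE code_verifier until the callback arrives.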
3. Filter core source code analysis
The core function of OAuth2AuthorizationRequestRedirectWebFilter is to intercept the request and redirect it to the third-party authorization server. Which requests are intercepted, and how is the redirect performed? With these questions in mind, let's look at the source.
@Override
public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
    return this.authorizationRequestResolver.resolve(exchange)
        // No match: pass the request down the chain untouched
        .switchIfEmpty(chain.filter(exchange).then(Mono.empty()))
        // A downstream ClientAuthorizationRequiredException also triggers the redirect;
        // the original request is cached so it can be replayed after the callback
        .onErrorResume(ClientAuthorizationRequiredException.class,
            (ex) -> this.requestCache.saveRequest(exchange).then(
                this.authorizationRequestResolver.resolve(exchange, ex.getClientRegistrationId()))
        )
        .flatMap((clientRegistration) -> sendRedirectForAuthorization(exchange, clientRegistration));
}
private Mono<Void> sendRedirectForAuthorization(ServerWebExchange exchange,
        OAuth2AuthorizationRequest authorizationRequest) {
    return Mono.defer(() -> {
        Mono<Void> saveAuthorizationRequest = Mono.empty();
        if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(authorizationRequest.getGrantType())) {
            // Store the authorization request (including its state) in the WebSession
            saveAuthorizationRequest = this.authorizationRequestRepository
                .saveAuthorizationRequest(authorizationRequest, exchange);
        }
        // Authorization endpoint URL, with the query parameters already encoded
        URI redirectUri = UriComponentsBuilder.fromUriString(authorizationRequest.getAuthorizationRequestUri())
            .build(true)
            .toUri();
        // Save first, then redirect
        return saveAuthorizationRequest
            .then(this.authorizationRedirectStrategy.sendRedirect(exchange, redirectUri));
    });
}
4. Default authorizationRequestResolver
The default authorizationRequestResolver implementation is DefaultServerOAuth2AuthorizationRequestResolver. By default it intercepts requests to /oauth2/authorization/{registrationId}, as the DEFAULT_AUTHORIZATION_REQUEST_PATTERN constant shows:
public class DefaultServerOAuth2AuthorizationRequestResolver implements ServerOAuth2AuthorizationRequestResolver {
    public static final String DEFAULT_REGISTRATION_ID_URI_VARIABLE_NAME = "registrationId";
    public static final String DEFAULT_AUTHORIZATION_REQUEST_PATTERN = "/oauth2/authorization/{"
            + DEFAULT_REGISTRATION_ID_URI_VARIABLE_NAME + "}";
    public DefaultServerOAuth2AuthorizationRequestResolver(
            ReactiveClientRegistrationRepository clientRegistrationRepository) {
        // Path matcher for the default pattern
        this(clientRegistrationRepository,
                new PathPatternParserServerWebExchangeMatcher(DEFAULT_AUTHORIZATION_REQUEST_PATTERN));
    }
}
DefaultServerOAuth2AuthorizationRequestResolver returns an OAuth2AuthorizationRequest, the object that represents one authorization request. How does it build it? The source is as follows:
private OAuth2AuthorizationRequest authorizationRequest(ServerWebExchange exchange,
        ClientRegistration clientRegistration) {
    // Callback URL: the redirect URI configured for this registration in application.yml,
    // with its URI variables expanded
    String redirectUriStr = expandRedirectUri(exchange.getRequest(), clientRegistration);
    Map<String, Object> attributes = new HashMap<>();
    attributes.put(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId());
    OAuth2AuthorizationRequest.Builder builder = getBuilder(clientRegistration, attributes);
    builder.clientId(clientRegistration.getClientId())
        .authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri())
        .redirectUri(redirectUriStr)
        .scopes(clientRegistration.getScopes())
        // Random state value; the callback's state is later compared with it so that
        // a tampered or forged authorization response is rejected
        .state(this.stateGenerator.generateKey())
        .attributes(attributes);
    // Hook for customizing the request (for example, adding PKCE parameters)
    this.authorizationRequestCustomizer.accept(builder);
    return builder.build();
}
The expandRedirectUri method supports URI variable substitution. For example, configure the following in application.yml:
spring:
  security:
    oauth2:
      client:
        registration:
          google:
            clientId: "xxxx"
            clientSecret: "xxxx"
            redirectUri: "{baseUrl}/api/oauth2/code/{registrationId}"
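To make the substitution concrete, here is an added, self-contained Java example (not code from the original post or from Spring Security) that expands a redirect-uri template the same way expandRedirectUri does, using UriComponentsBuilder.buildAndExpand from spring-web. It goes beyond the single {baseUrl}/{registrationId} template above and covers the full set of variables Spring Security supplies (baseUrl, baseScheme, baseHost, basePort, basePath, registrationId, action). The request values are constructed for the demo, and the "omit basePort on the scheme's default port" rule is a simplification of how the real implementation derives the port from the incoming request.

```java
import java.util.HashMap;
import java.util.Map;
import org.springframework.web.util.UriComponentsBuilder;

/**
 * Constructed demonstration of redirect-uri template expansion.
 * Not Spring Security's implementation; it mirrors the variable names that
 * DefaultServerOAuth2AuthorizationRequestResolver.expandRedirectUri supports.
 */
public class RedirectUriTemplateDemo {

    /**
     * Builds the variable map for one incoming request. In Spring Security these values
     * come from the request (and any Forwarded/X-Forwarded-* headers it trusts), which is
     * why the redirect_uri the provider sees depends on how the app is fronted.
     */
    static Map<String, String> uriVariables(String scheme, String host, int port,
                                            String contextPath, String registrationId, String action) {
        // Simplification (assumption): the port is omitted when it is the scheme's default
        boolean defaultPort = ("http".equals(scheme) && port == 80)
                || ("https".equals(scheme) && port == 443);
        String basePort = defaultPort ? "" : ":" + port;
        String basePath = contextPath == null ? "" : contextPath;

        Map<String, String> vars = new HashMap<>();
        vars.put("baseScheme", scheme);
        vars.put("baseHost", host);
        vars.put("basePort", basePort);
        vars.put("basePath", basePath);
        vars.put("baseUrl", scheme + "://" + host + basePort + basePath);
        vars.put("registrationId", registrationId);
        // "login" for oauth2Login, "authorize" for oauth2Client flows
        vars.put("action", action);
        return vars;
    }

    /** Expands the {placeholders} in the configured template, as UriComponentsBuilder does. */
    static String expand(String redirectUriTemplate, Map<String, String> vars) {
        return UriComponentsBuilder.fromUriString(redirectUriTemplate)
                .buildAndExpand(vars)
                .toUriString();
    }

    public static void main(String[] args) {
        // Constructed sample: production host behind TLS on the default port
        Map<String, String> prod = uriVariables("https", "app.example.com", 443, "", "google", "login");
        System.out.println(expand("{baseUrl}/api/oauth2/code/{registrationId}", prod));

        // Constructed sample: local development on a non-default port with a context path
        Map<String, String> dev = uriVariables("http", "localhost", 8080, "/shop", "google", "login");
        System.out.println(expand("{baseScheme}://{baseHost}{basePort}{basePath}/login/oauth2/code/{registrationId}", dev));
        System.out.println(expand("{baseUrl}/{action}/oauth2/code/{registrationId}", dev));
    }
}
```

With the constructed values above, the first template expands to https://app.example.com/api/oauth2/code/google and the second to http://localhost:8080/shop/login/oauth2/code/google. Because the provider compares the redirect_uri parameter against its registered list exactly, every expansion an application can produce (each host, port and context path it is served under) has to be registered with the provider, or the authorization request is refused.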
5. Default authorizationRequestRepository
The default authorizationRequestRepository implementation, WebSessionOAuth2ServerAuthorizationRequestRepository, is session-based: it stores the OAuth2AuthorizationRequest in the WebSession so that the subsequent callback request can load it, check it, and remove it from the session.